Title

Unsupported versions of ColdFusion must be uninstalled or upgraded (Cat I impact)

Discussion

Without the current update installed, the product may be unstable or become a target for an attacker who can take advantage of a known exploit. ColdFusion 11 is no longer supported by the vendor. Unsupported versions of ColdFusion must be uninstalled or upgraded as part of an approved application management process.

Check Content

Open the ColdFusion Administrator Console. Check the version of ColdFusion. If the system is running ColdFusion 11, this is a finding.

Fix Text

Upgrade ColdFusion to a supported version or uninstall the application. All upgrade or uninstall actions should be executed in accordance with an approved application management plan.

Additional Identifiers

Rule ID: SV-237186r766577_rule

Vulnerability ID: V-237186

Group Title: SRG-APP-000516-AS-000237

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.